Jira node name/id or version details are no longer shown to unauthenticated users
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The System Dashboard page or login page no longer shows the Jira version or node ID.
Environment
Jira Software 8.20.x / Jira Service Management 4.20.x
Diagnosis
After upgrading Jira Software to 8.20.x or above, or Jira Service Management to 4.20.x or above, users can no longer see the node ID/name or version information in the footer before logging in.
- Until the user logs in, the System Dashboard page https://<BASE-URL>/secure/Dashboard.jspa no longer shows the Jira version or node ID in the page footer.
- Even if the user goes directly to the login page https://<BASE-URL>/login.jsp, the node ID and version footer are not shown.
Cause
We no longer show the software details (version, node ID) to unauthenticated/anonymous users. This was done to safeguard customers: when a new CVE or security issue is published and becomes common knowledge, we didn't want "bad actors" to target your instance by knowing the version you're running and whether it's still affected by the vulnerability.
JRASERVER-70987
The fix was to introduce the authcontext to the footer.vm:
#if ($authcontext.isLoggedInUser())
....<footer details here>...
#end
Suggestion:
Considering the security issue the instance might get exposed to by exposing the software version information to anonymous users, we'd recommend not changing this behaviour. You can still find the node ID the user is connected to from the browser's Development Tools.
Workaround:
However, if you feel this is absolutely necessary and you're OK with the security issues the instance might be exposed to, you can modify the footer.vm file in the following way, and you'll start to see the node ID even on the login page:
IMPORTANT: The content below includes steps to customize or extend Atlassian software (adding/changing CSS rules, HTML, JavaScript, etc.). Per the Atlassian Support Offerings, support does not include customizations made to Atlassian products. Be aware that this material is provided for your information only and using it is done so at your risk.
As with all recommendations made by Atlassian Support, we expect that you will follow best practices for Change Management and will test and validate these settings in a Test/Development and Staging environment prior to rolling any changes into a Production environment. You must test and validate these changes to ensure that they will function well within your infrastructure prior to placing these changes in production.
- Stop Jira.
- Take a backup and open the $JIRA_INSTALL/atlassian-jira/WEB-INF/classes/templates/plugins/footer/footer.vm file in a text editor. Locate the following two lines, remove them, and save the file:
******** REMOVE THIS LINE
#if ($authcontext.isLoggedInUser())
REMOVE THIS LINE ********
    #set ($formattedCommitId = "")
    #if ($string.isNotBlank("$commitId"))
        ## shorten the Git SHA
        #set ($formattedCommitId = "-<span title='$!{commitId}' data-commit-id='${commitId}}'>sha1:${commitId.substring(0, 7)}</span>")
    #end
    #set ($formattedPartnerName = "#if ($string.isNotBlank($partnerName))-$partnerName#{else}#end")
    #set ($formattedNodeId = "#if ($string.isNotBlank($nodeId)):${nodeId}#{else}#end")
    <span id="footer-build-information">(v${buildVersion}#${buildNumber}${formattedCommitId}$!{formattedNodeId}${formattedPartnerName})</span>
******** REMOVE THIS LINE
#end
REMOVE THIS LINE ********
- Start Jira.
- If on Data Center, repeat the steps on each node.
It might be necessary to re-apply this custom configuration after Jira upgrades.
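Because the change is made per node and can be reset by an upgrade, it helps to be able to tell which copies of footer.vm still carry the login guard. The following is an added example, not Atlassian code: a small Python check that tracks Velocity block nesting and reports whether the footer-build-information span is enclosed by `#if ($authcontext.isLoggedInUser())`. The function name and the sample template strings are constructed for illustration from the lines quoted on this page.

```python
import re
import sys

# Guard added by the fix described on this page.
GUARD = re.compile(r"#if\s*\(\s*\$authcontext\.isLoggedInUser\(\)\s*\)")
# Velocity block directives, plus the span that carries version and node ID.
EVENT = re.compile(r'#\{?(if|foreach|macro|define|elseif|else|end)\b'
                   r'|id="footer-build-information"')

def build_info_is_guarded(template: str) -> bool:
    """True when no footer-build-information span renders for anonymous users."""
    text = re.sub(r"##[^\n]*", "", template)   # drop Velocity line comments
    stack = []                                 # one flag per open block: is it the guard?
    for m in EVENT.finditer(text):
        word = m.group(1)
        if word is None:                       # reached the build-information span
            if not any(stack):
                return False
        elif word == "end":
            if stack:
                stack.pop()
        elif word in ("else", "elseif"):
            if stack:
                stack[-1] = False              # else-branch is not the logged-in side
        else:
            stack.append(bool(GUARD.match(text, m.start())))
    return True                                # also True if the span is absent

# Constructed sample: the template lines quoted on this page, guard in place.
GUARDED = r"""
#if ($authcontext.isLoggedInUser())
#set ($formattedCommitId = "")
#if ($string.isNotBlank("$commitId"))
## shorten the Git SHA
#set ($formattedCommitId = "-<span title='$!{commitId}'>sha1:${commitId.substring(0, 7)}</span>")
#end
#set ($formattedNodeId = "#if ($string.isNotBlank($nodeId)):${nodeId}#{else}#end")
<span id="footer-build-information">(v${buildVersion}#${buildNumber}$!{formattedNodeId})</span>
#end
"""
# Same template after the workaround: first and last directive lines removed.
UNGUARDED = "\n".join(GUARDED.strip().splitlines()[1:-1])

if __name__ == "__main__":
    for path in sys.argv[1:]:                  # e.g. footer.vm copied from each node
        with open(path, encoding="utf-8") as fh:
            ok = build_info_is_guarded(fh.read())
        print(f"{path}: {'guarded' if ok else 'EXPOSED to anonymous users'}")
```

Run it with the path of each node's footer.vm as arguments; a guard whose condition has been altered is reported as exposed, since only the exact `isLoggedInUser()` condition counts.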